Aptosi Services Privacy Policy
Document Creation July 1, 2025
Last Updated: January 28, 2026
Thank you for choosing the Aptosi Agent & Platform ("the Service"). This Privacy Policy is designed to help you understand how we collect, use, and safeguard the information you provide when using our Dashboard Platform, API Integrations, and Chrome Browser Extension. Your privacy is important to us, and we are committed to protecting it.
Our Commitment to Your Privacy
The Aptosi Service is designed with your privacy and security as a top priority. Our goal is to provide intelligent, AI-driven invoice verification and fraud prevention with minimal data collection necessary to perform our service. We only access your data to provide and improve the service, and we do not sell your personal information to third parties.
What Information We Collect and Why
To provide our services, we need to access certain data from your connected accounts (Google or Microsoft) and your browser. We believe in transparency, so we have detailed what we collect and why in the table below.
Data Collection & Usage Table
| Data We Collect | How We Collect It | Why We Collect It (Purpose) | How We Use It |
|---|---|---|---|
| User Account Information (e.g., name, email address, profile picture) | When you authenticate with your Google or Microsoft account via OAuth. | To identify you as a user, create your Aptosi account, and associate your account with your organization's data. | We use this information to display your user profile within the Dashboard/Agent and to securely link your account to the data we process. |
| Email Content & Attachments (e.g., PDF/Word attachments, headers, subject lines) | Via secure API Integrations (Gmail API or Microsoft Graph API) after you explicitly grant authorization. | Core Functionality: To find, classify, and analyze documents that are likely invoices. | We process email attachments on our secure servers to extract invoice data. Note: We do not store your entire inbox. We strictly process emails identified as relevant to Accounts Payable. |
| Extracted Invoice & Vendor Data (e.g., vendor names, amounts, dates, bank details) | Automatically, using Artificial Intelligence (AI) models to analyze the content of identified invoices. | To verify invoice details against your database of approved vendors and detect fraud. | This extracted data is compared against your vendor records to determine a "Match" or "Mismatch" status. Results are stored in our secure cloud database (Firebase) to provide audit logs. |
| Processing Statistics & Status(e.g., "Match", "Mismatch", "Unknown" counts) | Synced between the Aptosi Dashboard and the Chrome Extension. | To provide real-time visibility into your AP workflow directly in your browser. | The Chrome Extension retrieves these statistics to display status notifications, allowing you to monitor progress without constantly refreshing the Dashboard. |
| Anonymous Usage & Analytics Data (e.g., feature usage, performance metrics, browser type) | Through integration with Google Analytics 4. | To understand how users interact with the Service, identify bugs, and improve our product. | This data is aggregated and anonymized. We use it to make data-driven decisions about new features, performance improvements, and user experience enhancements. |
| Local Extension Data (e.g., session tokens, sync timestamps) | Through the chrome.storage API, which stores data locally in your browser. | To maintain your secure session and ensure the Extension stays synced with the Platform. | We store authentication tokens and synchronization timestamps locally to prevent the need for frequent re-logins and to reduce redundant network requests. |
Third-Party Services
We utilize the following third-party services to provide the functionality of the Service:
- Google APIs (Gmail & OAuth): We use Google's APIs to authenticate you and access your Gmail data based on the permissions you grant. All data accessed via these APIs is handled in accordance with the Google API Services User Data Policy, including the Limited Use requirements.
- Microsoft Graph API: We use Microsoft's APIs to authenticate Microsoft 365 users and access relevant Outlook data. Data accessed via Microsoft Graph is used solely to provide invoice verification features and is not used for secondary purposes like advertising.
- Microsoft Graph API: We use Microsoft's APIs to authenticate Microsoft 365 users and access relevant Outlook data. Data accessed via Microsoft Graph is used solely to provide invoice verification features and is not used for secondary purposes like advertising.
- Firebase (by Google): We use Firebase for secure user authentication and as a cloud database (Firestore) to store information about processed invoices.
- Google Analytics: We use Google Analytics to collect anonymous usage statistics to help us improve the Agent.
Data Security
We implement a variety of security measures to maintain the safety of your personal information.
- Encryption: Your data is transmitted over secure SSL/TLS channels, and our database is protected by strict security rules.
- Server-Side Processing: Sensitive analysis (AI extraction) occurs on our secure servers, not on your local device, reducing the risk of data exposure.
- Access Control: We do not store your Google or Microsoft passwords. Access to your data is strictly limited to the permissions you grant and is automated by the system.
Data Retention
We retain the data we collect for as long as necessary to provide the service and for legitimate business purposes.
- Invoice Records: Extracted invoice data is retained to provide you with historical audit trails and fraud reporting.
- Anonymized Data: Anonymized usage data may be kept indefinitely for statistical analysis. Deletion: You can request the deletion of your account and associated data by contacting us.
Your Rights and Choices
- Revoke Access: You can revoke the Service's access to your Google or Microsoft Account at any time through your respective account security settings. If you do so, the Service will no longer be able to sync or verify your data.
- Uninstall: You can uninstall the Agent from your browser at any time.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
Contact Us
If you have any questions about this Privacy Policy, please contact us at dev@aptosi.com